====== VPN univr ======

====== ubuntu ======

<code bash>
sudo apt install network-manager-vpnc network-manager-vpnc-gnome
</code>

====== arch ======

<code>
paru networkmanager-vpnc
</code>

====== network manager ======


<code>
yay -S networkmanager-vpnc
</code>

add VPN cisco compatible from network manager:
  * gateway: remote.univr.it
  * username: ateneo\01scpsfn29
  * password: xxx
  * group: univr
  * group password: univr


{{:tips:vpn:vpn1.png?400|}}

{{:tips:vpn:vpn2.png?400|}}


or create /etc/NetworkManager/system-connections/univr.nmconnection (chmod 600 and owned by root)
<code>
[connection]
id=univr
uuid=234f1f79-0a96-4be0-991e-75622ead54d0
type=vpn
autoconnect=false
permissions=user:scipio:;
timestamp=1630335537

[vpn]
IKE DH Group=dh2
IPSec ID=univr
IPSec gateway=remote.univr.it
IPSec secret-flags=0
Local Port=0
NAT Traversal Mode=natt
Perfect Forward Secrecy=server
Vendor=cisco
Xauth password-flags=0
Xauth username=xxx
ipsec-secret-type=save
xauth-password-type=save
service-type=org.freedesktop.NetworkManager.vpnc

[vpn-secrets]
IPSec secret=univr
Xauth password=xxx

[ipv4]
method=auto

[ipv6]
addr-gen-mode=stable-privacy
method=auto

[proxy]
</code>


====== bastion (jump box) ======

{{ :tips:vpn:mfa.jpg |}}

~/.ssh/config
<code>    
Host umfa
  Hostname mfa-ssh-srv.univr.it 
  User 01scpsfn29
  ForwardAgent yes

Host ucd
  Hostname cd-www-srv.univr.it
  User 01scpsfn29
  ProxyJump umfa

Host ustage
  Hostname stage-dev.univr.it
  User 01scpsfn29
  ProxyJump umfa
</code> 


Oppure, al posto di google auth, si può usare keepassxc utilizzando totp e la "secret key"

{{:tips:vpn:totp.png?400|}}